Preface: I'm not a network or systems administrator. I have a little bit of networking experience, but it's limited to basic router configuration like port forwarding, setting alternate DNS servers, range extending, etc. I kind of understand the more complex things like VLANs and subnet masks, but not very well.
Our current setup:
We have about 8 computers and 1 printer connected via Ethernet to a fairly old switch, which is then connected to a Cisco WRVS4400n wireless router. We also have about 5 computers connected wirelessly to the router.
The problem is that we have two types of people in the office, employees and guests. Both of them need access to the Internet and the printer, but the two should not be able to communicate with each other, and we have services running on my dev computer that we definitely don't want guests to be able to access.
I started by creating two SSIDs, private and public, and enabled wireless isolation between them. So employees on the private network cannot communicate with guests on the public network. Which is perfect, except that they can both see and communicate with all the wired computers connected via Ethernet.
I did a bit of research, and it looks like VLANs are the way to go. So I created 3 VLANs:
- VLAN 1 = private
- VLAN 2 = public
- VLAN 3 = printer
I then assigned the private SSID to VLAN 1, and the public SSID to VLAN 2. Which appears to work so far.
What I can't figure out how to do is put the printer on VLAN 3, and make VLAN 3 communicate with VLAN 1 and VLAN 2? I'm sure it has something to do with subnet masks, but I'm not quite sure how to use them, and the several hours of fiddling I did got me nowhere. Any help would be much appreciated, thanks!
Best Answer
Buy a second printer for the visitors - seriously.
If you want to do this 'in network' properly (i.e. safely) you'll need a router or layer-3 switch - either is too complex, and probably too expensive, compared to buying a second printer.